Intelligent CISO Issue 45 - Page 50

Successfully explaining DDoS to the board means drawing a straight line between defence of the network and defence of the bottom line .

Successfully explaining DDoS to the board means drawing a straight line between defence of the network and defence of the bottom line .

arrayed against them are evolving in parallel with the changes in enterprise IT . For their part , security practitioners need to talk to executives about the growing DDoS threat in a language they can understand .
General facts , figures and case studies will all be useful here – as will giving them an understanding of the specific risks your organisation faces . Primarily , however , successfully explaining DDoS to the board means drawing a straight line between defence of the network and defence of the bottom line . There are four key points to keep in mind .
1 . How DDoS is a threat to your organisation – specifically , are you a likely target
An executive might understand the general threat of a DDoS attack but to drive it home , they need to know how their particular organisation may get hit . As we ’ ve mentioned , DDoS extortion targets connectivity-dependent businesses . That connectivity is of particular value and thus concern , to industries like telecommunications , Internet Service Providers , online gaming , VoIP service and cloud hosts . That point can be forcefully underlined if your particular organisation is one of these sectors .
However , connectivity is an asset on which we all increasingly rely . Mass remote work is now the norm for many and the cloud is an asset which most cannot do without . These are the kinds of vectors a DDoS gang will paralyse in an attack . Understanding where those sensitivities lie and how they might hamstring an organisation will help executives understand the real threat that DDoS poses .
2 . How is DDoS a threat to revenue ?
Even if executives don ’ t understand the risk in terms of digital infrastructure overloads or gigabit per second floods , they will understand the punishing effect of downtime . That is what DDoS aims to accomplish – it is designed to cause downtime . It immobilises its victim ’ s business , causing them to spend time and resources to get their systems back online . That downtime sends shockwaves through an organisation to affect sales , marketing , customer support and more , thus endangering revenue streams throughout the organisation . There are also the attendant follow-on losses that come along with many cyberattacks , including damages to brand reputation , compliance penalties and more .
3 . DDoS and ransomware are getting closer
Ransomware is one of the most wellknown cyberthreats out there . Executives understand the risk it poses pretty well and it can be a useful reference point . One could note , for example , how similar ransomware and ransom DDoS tactics have gotten in recent years – whether it be through DDoS-extortion attacks such as the 2020 Telenor attack , or ransomware gangs ’ use of DDoS such as the HelloKitty gang – the tactics , if not the technology , of ransom DDoS attacks are often strikingly similar to ransomware and can wreak similar havoc .
4 . DDoS threatens future innovation
Finally , executives need to understand that if they don ’ t update their security defences , the organisation ’ s ability to innovate and scale will also be at risk . The connectivity which modern organisations rely on – like remote working and IoT – is a new soft underbelly for a DDoS attack . A wellplaced attack can also cripple an organisation ’ s internal ability to function .
Furthermore , attackers are evolving their methods to defeat traditional DDoS solutions . Short duration attacks have become the norm in DDoS , currently accounting for 85 % of attacks .
Their quick timing allows them to dodge legacy detection and mitigation DDoS solutions , doing most of their damage before any alarm can be raised or response mobilised .
This necessitates a change in the ways in which we protect ourselves . Many , however , are still wed to generic security protection . A recent Corero survey found that 58 % of employers still use outdated DDoS solutions , including relying on corporate firewalls . Executives need to know that if they want to scale and innovate safely , then their legacy protections may simply be inadequate .
Communicating this important security situation to people who don ’ t immediately understand the gravity of the DDoS landscape can feel like an uphill struggle . However , by translating your understanding of technical threat into business risk – executives can be made to understand how DDoS defence means revenue protection and more . u
50 www . intelligentciso . com